npm - @cosmicdrift/kumiko-framework - Versions diffs - 0.1.0 - Mend

@cosmicdrift/kumiko-framework 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (388) hide show

package/README.md +159 -0
package/package.json +91 -0
package/src/__tests__/anonymous-access.integration.ts +325 -0
package/src/__tests__/error-contract.integration.ts +435 -0
package/src/__tests__/field-access.integration.ts +269 -0
package/src/__tests__/full-stack.integration.ts +914 -0
package/src/__tests__/ownership.integration.ts +449 -0
package/src/__tests__/reference-data.integration.ts +198 -0
package/src/__tests__/transition-guard.integration.ts +340 -0
package/src/api/__tests__/api.test.ts +337 -0
package/src/api/__tests__/auth-middleware-transport.test.ts +80 -0
package/src/api/__tests__/auth-routes-cookie.test.ts +179 -0
package/src/api/__tests__/batch.integration.ts +404 -0
package/src/api/__tests__/body-limit.test.ts +88 -0
package/src/api/__tests__/csrf-middleware.test.ts +97 -0
package/src/api/__tests__/dispatcher-live.integration.ts +216 -0
package/src/api/__tests__/metrics-endpoint.test.ts +126 -0
package/src/api/__tests__/nested-write.integration.ts +213 -0
package/src/api/__tests__/readiness.test.ts +76 -0
package/src/api/__tests__/request-id-middleware.test.ts +72 -0
package/src/api/__tests__/sse-broker.test.ts +58 -0
package/src/api/__tests__/sse-route.test.ts +112 -0
package/src/api/anonymous-cookie.ts +60 -0
package/src/api/api-constants.ts +64 -0
package/src/api/auth-middleware.ts +418 -0
package/src/api/auth-routes.ts +982 -0
package/src/api/csrf-middleware.ts +77 -0
package/src/api/index.ts +31 -0
package/src/api/jwt.ts +66 -0
package/src/api/observability-middleware.ts +89 -0
package/src/api/readiness.ts +132 -0
package/src/api/request-context.ts +49 -0
package/src/api/request-id-middleware.ts +50 -0
package/src/api/route-registrars.ts +195 -0
package/src/api/routes.ts +135 -0
package/src/api/server.ts +640 -0
package/src/api/sse-broker.ts +71 -0
package/src/api/sse-route.ts +62 -0
package/src/api/tokens.ts +16 -0
package/src/db/__tests__/apply-entity-event-tenant.integration.ts +159 -0
package/src/db/__tests__/compound-types.test.ts +114 -0
package/src/db/__tests__/connection-options.test.ts +68 -0
package/src/db/__tests__/cursor.test.ts +41 -0
package/src/db/__tests__/db-helpers.test.ts +369 -0
package/src/db/__tests__/dialect-instant.test.ts +50 -0
package/src/db/__tests__/drizzle-helpers.integration.ts +186 -0
package/src/db/__tests__/drizzle-table-types.test.ts +162 -0
package/src/db/__tests__/encryption.test.ts +39 -0
package/src/db/__tests__/event-store-executor-list.integration.ts +313 -0
package/src/db/__tests__/event-store-executor.integration.ts +235 -0
package/src/db/__tests__/implicit-projection-equivalence.integration.ts +304 -0
package/src/db/__tests__/located-timestamp.test.ts +184 -0
package/src/db/__tests__/money.test.ts +199 -0
package/src/db/__tests__/multi-row-insert.integration.ts +76 -0
package/src/db/__tests__/parse-auto-verb.test.ts +70 -0
package/src/db/__tests__/required-not-null-migration-safety.integration.ts +105 -0
package/src/db/__tests__/row-helpers.test.ts +59 -0
package/src/db/__tests__/schema-migration.integration.ts +273 -0
package/src/db/__tests__/table-builder-indexes.test.ts +153 -0
package/src/db/__tests__/table-builder-required.test.ts +216 -0
package/src/db/__tests__/tenant-db.integration.ts +606 -0
package/src/db/__tests__/unique-violation-mapping.integration.ts +166 -0
package/src/db/apply-entity-event.ts +188 -0
package/src/db/assert-exists-in.ts +59 -0
package/src/db/compound-types.ts +47 -0
package/src/db/connection.ts +104 -0
package/src/db/cursor.ts +83 -0
package/src/db/dialect.ts +109 -0
package/src/db/eagerload.ts +174 -0
package/src/db/encryption.ts +39 -0
package/src/db/event-store-executor.ts +906 -0
package/src/db/index.ts +55 -0
package/src/db/located-timestamp.ts +114 -0
package/src/db/money.ts +120 -0
package/src/db/pg-error.ts +46 -0
package/src/db/reference-data.ts +77 -0
package/src/db/row-helpers.ts +53 -0
package/src/db/schema-inspection.ts +25 -0
package/src/db/table-builder.ts +475 -0
package/src/db/tenant-db.ts +434 -0
package/src/engine/__tests__/auth-claims-registrar.test.ts +74 -0
package/src/engine/__tests__/boot-validator-located-timestamps.test.ts +108 -0
package/src/engine/__tests__/boot-validator.test.ts +1865 -0
package/src/engine/__tests__/build-app-schema.test.ts +154 -0
package/src/engine/__tests__/claim-keys.test.ts +274 -0
package/src/engine/__tests__/config-helpers.test.ts +236 -0
package/src/engine/__tests__/effective-features.test.ts +86 -0
package/src/engine/__tests__/engine.test.ts +1461 -0
package/src/engine/__tests__/entity-handlers.test.ts +274 -0
package/src/engine/__tests__/event-helpers.test.ts +68 -0
package/src/engine/__tests__/extends-registrar.test.ts +159 -0
package/src/engine/__tests__/factories-long-text.test.ts +84 -0
package/src/engine/__tests__/factories-time.test.ts +158 -0
package/src/engine/__tests__/field-predicates.test.ts +48 -0
package/src/engine/__tests__/hook-phases.test.ts +132 -0
package/src/engine/__tests__/identifiers.test.ts +35 -0
package/src/engine/__tests__/lifecycle-hooks.test.ts +237 -0
package/src/engine/__tests__/nav.test.ts +267 -0
package/src/engine/__tests__/ownership.test.ts +421 -0
package/src/engine/__tests__/parse-ref-target.test.ts +43 -0
package/src/engine/__tests__/projection-helpers.test.ts +62 -0
package/src/engine/__tests__/projection.test.ts +191 -0
package/src/engine/__tests__/qualified-name.test.ts +264 -0
package/src/engine/__tests__/resolve-config-or-param.test.ts +315 -0
package/src/engine/__tests__/run-in.test.ts +38 -0
package/src/engine/__tests__/schema-builder.test.ts +380 -0
package/src/engine/__tests__/screen.test.ts +408 -0
package/src/engine/__tests__/state-machine.test.ts +148 -0
package/src/engine/__tests__/system-user.test.ts +57 -0
package/src/engine/__tests__/validation-hooks.test.ts +71 -0
package/src/engine/access.ts +23 -0
package/src/engine/boot-validator.ts +1528 -0
package/src/engine/build-app-schema.ts +125 -0
package/src/engine/config-helpers.ts +115 -0
package/src/engine/constants.ts +85 -0
package/src/engine/create-app.ts +98 -0
package/src/engine/define-feature.ts +702 -0
package/src/engine/define-handler.ts +78 -0
package/src/engine/define-roles.ts +19 -0
package/src/engine/effective-features.ts +87 -0
package/src/engine/entity-handlers.ts +364 -0
package/src/engine/event-helpers.ts +73 -0
package/src/engine/factories.ts +328 -0
package/src/engine/feature-ast/__tests__/canonical-form.test.ts +416 -0
package/src/engine/feature-ast/__tests__/parse-happy-path.test.ts +197 -0
package/src/engine/feature-ast/__tests__/parse-real-features.test.ts +128 -0
package/src/engine/feature-ast/__tests__/parse.test.ts +888 -0
package/src/engine/feature-ast/__tests__/patch.test.ts +360 -0
package/src/engine/feature-ast/__tests__/patcher.test.ts +469 -0
package/src/engine/feature-ast/__tests__/render-roundtrip.test.ts +287 -0
package/src/engine/feature-ast/extractors.ts +2562 -0
package/src/engine/feature-ast/index.ts +105 -0
package/src/engine/feature-ast/parse.ts +369 -0
package/src/engine/feature-ast/patch.ts +525 -0
package/src/engine/feature-ast/patcher.ts +518 -0
package/src/engine/feature-ast/patterns.ts +434 -0
package/src/engine/feature-ast/render.ts +602 -0
package/src/engine/feature-ast/source-location.ts +45 -0
package/src/engine/field-access.ts +120 -0
package/src/engine/index.ts +254 -0
package/src/engine/ownership.ts +337 -0
package/src/engine/parse-ref-target.ts +22 -0
package/src/engine/pattern-library/__tests__/library.test.ts +351 -0
package/src/engine/pattern-library/index.ts +24 -0
package/src/engine/pattern-library/library.ts +1117 -0
package/src/engine/pattern-library/types.ts +255 -0
package/src/engine/projection-helpers.ts +85 -0
package/src/engine/qualified-name.ts +122 -0
package/src/engine/read-claim.ts +31 -0
package/src/engine/registry.ts +1325 -0
package/src/engine/resolve-config-or-param.ts +153 -0
package/src/engine/run-in.ts +29 -0
package/src/engine/schema-builder.ts +175 -0
package/src/engine/screen-filter-ops.ts +51 -0
package/src/engine/state-machine.ts +70 -0
package/src/engine/system-user.ts +32 -0
package/src/engine/types/config.ts +306 -0
package/src/engine/types/event-type-map.ts +37 -0
package/src/engine/types/feature.ts +574 -0
package/src/engine/types/fields.ts +422 -0
package/src/engine/types/handlers.ts +742 -0
package/src/engine/types/hooks.ts +142 -0
package/src/engine/types/http-route.ts +54 -0
package/src/engine/types/identifiers.ts +47 -0
package/src/engine/types/index.ts +208 -0
package/src/engine/types/nav.ts +46 -0
package/src/engine/types/projection.ts +132 -0
package/src/engine/types/relations.ts +51 -0
package/src/engine/types/screen.ts +452 -0
package/src/engine/types/workspace.ts +42 -0
package/src/engine/validation.ts +33 -0
package/src/entrypoint/__tests__/entrypoint-job-wiring.integration.ts +173 -0
package/src/entrypoint/__tests__/split-deploy.integration.ts +297 -0
package/src/entrypoint/index.ts +442 -0
package/src/errors/__tests__/classes.test.ts +371 -0
package/src/errors/__tests__/write-failures.test.ts +109 -0
package/src/errors/classes.ts +249 -0
package/src/errors/i18n/de.yaml +83 -0
package/src/errors/i18n/en.yaml +80 -0
package/src/errors/index.ts +41 -0
package/src/errors/kumiko-error.ts +67 -0
package/src/errors/reasons.ts +36 -0
package/src/errors/serialize.ts +136 -0
package/src/errors/transition-details.ts +30 -0
package/src/errors/write-error-info.ts +123 -0
package/src/errors/zod-bridge.ts +49 -0
package/src/event-store/__tests__/admin-api.integration.ts +361 -0
package/src/event-store/__tests__/event-store.integration.ts +584 -0
package/src/event-store/__tests__/get-stream-version-perf.integration.ts +83 -0
package/src/event-store/__tests__/perf.integration.ts +255 -0
package/src/event-store/__tests__/snapshot.integration.ts +267 -0
package/src/event-store/__tests__/upcaster-dead-letter.integration.ts +204 -0
package/src/event-store/__tests__/upcaster.integration.ts +460 -0
package/src/event-store/admin-api.ts +257 -0
package/src/event-store/archive.ts +106 -0
package/src/event-store/errors.ts +35 -0
package/src/event-store/event-store.ts +405 -0
package/src/event-store/events-schema.ts +90 -0
package/src/event-store/index.ts +50 -0
package/src/event-store/snapshot.ts +210 -0
package/src/event-store/upcaster-dead-letter.ts +119 -0
package/src/event-store/upcaster.ts +147 -0
package/src/files/__tests__/content-disposition.test.ts +123 -0
package/src/files/__tests__/file-field-column.integration.ts +103 -0
package/src/files/__tests__/file-field-pipeline.integration.ts +211 -0
package/src/files/__tests__/file-handle.test.ts +122 -0
package/src/files/__tests__/files.integration.ts +830 -0
package/src/files/__tests__/storage-tracking.integration.ts +153 -0
package/src/files/content-disposition.ts +55 -0
package/src/files/file-handle.ts +63 -0
package/src/files/file-ref-table.ts +22 -0
package/src/files/file-routes.ts +353 -0
package/src/files/in-memory-provider.ts +62 -0
package/src/files/index.ts +29 -0
package/src/files/local-provider.ts +35 -0
package/src/files/storage-tracking.ts +60 -0
package/src/files/types.ts +118 -0
package/src/i18n/__tests__/i18n.test.ts +72 -0
package/src/i18n/index.ts +29 -0
package/src/jobs/__tests__/job-event-trigger.integration.ts +172 -0
package/src/jobs/__tests__/job-multi-trigger.integration.ts +144 -0
package/src/jobs/__tests__/jobs.integration.ts +566 -0
package/src/jobs/index.ts +2 -0
package/src/jobs/job-runner.ts +574 -0
package/src/lifecycle/__tests__/create-test-lifecycle.ts +19 -0
package/src/lifecycle/__tests__/lifecycle-server.integration.ts +108 -0
package/src/lifecycle/__tests__/lifecycle.test.ts +212 -0
package/src/lifecycle/__tests__/signal-handlers.test.ts +106 -0
package/src/lifecycle/index.ts +13 -0
package/src/lifecycle/lifecycle.ts +160 -0
package/src/lifecycle/signal-handlers.ts +62 -0
package/src/logging/__tests__/pino-trace-bridge.test.ts +50 -0
package/src/logging/index.ts +3 -0
package/src/logging/pino-logger.ts +64 -0
package/src/logging/types.ts +7 -0
package/src/migrations/__tests__/compare-snapshots.test.ts +150 -0
package/src/migrations/__tests__/detect-drift.integration.ts +320 -0
package/src/migrations/__tests__/detect-projections-to-rebuild.integration.ts +134 -0
package/src/migrations/__tests__/rebuild-marker.test.ts +79 -0
package/src/migrations/index.ts +28 -0
package/src/migrations/projection-detection.ts +149 -0
package/src/migrations/rebuild-marker.ts +64 -0
package/src/migrations/schema-drift.ts +395 -0
package/src/observability/__tests__/console-provider.test.ts +67 -0
package/src/observability/__tests__/metric-validator.test.ts +87 -0
package/src/observability/__tests__/noop-provider.test.ts +82 -0
package/src/observability/__tests__/observability.integration.ts +559 -0
package/src/observability/__tests__/prometheus-meter.test.ts +144 -0
package/src/observability/__tests__/recording-meter.test.ts +101 -0
package/src/observability/__tests__/recording-tracer.test.ts +110 -0
package/src/observability/__tests__/sensitive-filter.test.ts +98 -0
package/src/observability/console-provider.ts +130 -0
package/src/observability/context.ts +26 -0
package/src/observability/fallback.ts +34 -0
package/src/observability/ids.ts +25 -0
package/src/observability/index.ts +79 -0
package/src/observability/metric-validator.ts +86 -0
package/src/observability/metrics-handle.ts +56 -0
package/src/observability/noop-provider.ts +146 -0
package/src/observability/prometheus-meter.ts +284 -0
package/src/observability/recording-meter.ts +156 -0
package/src/observability/recording-tracer.ts +198 -0
package/src/observability/redis-wrapper.ts +132 -0
package/src/observability/sensitive-filter.ts +108 -0
package/src/observability/standard-metrics.ts +213 -0
package/src/observability/types/index.ts +29 -0
package/src/observability/types/metric.ts +56 -0
package/src/observability/types/provider.ts +32 -0
package/src/observability/types/span.ts +64 -0
package/src/pipeline/__tests__/archive-stream.integration.ts +220 -0
package/src/pipeline/__tests__/auth-claims-resolver.test.ts +279 -0
package/src/pipeline/__tests__/cascade-handler.integration.ts +419 -0
package/src/pipeline/__tests__/cascade-handler.test.ts +52 -0
package/src/pipeline/__tests__/causation-chain.integration.ts +206 -0
package/src/pipeline/__tests__/ctx-bridge.integration.ts +234 -0
package/src/pipeline/__tests__/dispatcher.test.ts +379 -0
package/src/pipeline/__tests__/distributed-lock.integration.ts +67 -0
package/src/pipeline/__tests__/domain-events-projections.integration.ts +323 -0
package/src/pipeline/__tests__/event-dedup.integration.ts +153 -0
package/src/pipeline/__tests__/event-define-event-strict.integration.ts +202 -0
package/src/pipeline/__tests__/event-dispatcher-lifecycle.integration.ts +220 -0
package/src/pipeline/__tests__/event-dispatcher-multi-instance.integration.ts +423 -0
package/src/pipeline/__tests__/event-dispatcher-pg-listen.integration.ts +123 -0
package/src/pipeline/__tests__/event-dispatcher-recovery.integration.ts +202 -0
package/src/pipeline/__tests__/event-dispatcher-second-audit.integration.ts +290 -0
package/src/pipeline/__tests__/event-dispatcher-strict.test.ts +65 -0
package/src/pipeline/__tests__/event-dispatcher.integration.ts +287 -0
package/src/pipeline/__tests__/event-retention.integration.ts +239 -0
package/src/pipeline/__tests__/fetch-for-writing.integration.ts +281 -0
package/src/pipeline/__tests__/lifecycle-pipeline.test.ts +430 -0
package/src/pipeline/__tests__/load-aggregate-query.integration.ts +266 -0
package/src/pipeline/__tests__/msp-error-mode.integration.ts +149 -0
package/src/pipeline/__tests__/msp-multi-hop.integration.ts +228 -0
package/src/pipeline/__tests__/msp-rebuild.integration.ts +368 -0
package/src/pipeline/__tests__/multi-stream-projection.integration.ts +341 -0
package/src/pipeline/__tests__/perf-rebuild.integration.ts +147 -0
package/src/pipeline/__tests__/projection-rebuild.integration.ts +551 -0
package/src/pipeline/__tests__/query-projection.integration.ts +201 -0
package/src/pipeline/__tests__/redis-pipeline.integration.ts +306 -0
package/src/pipeline/append-event-core.ts +117 -0
package/src/pipeline/auth-claims-resolver.ts +103 -0
package/src/pipeline/cascade-handler.ts +113 -0
package/src/pipeline/dispatcher.ts +1585 -0
package/src/pipeline/distributed-lock.ts +37 -0
package/src/pipeline/entity-cache.ts +113 -0
package/src/pipeline/event-consumer-state.ts +108 -0
package/src/pipeline/event-dedup.ts +23 -0
package/src/pipeline/event-dispatcher.ts +1016 -0
package/src/pipeline/event-retention.ts +154 -0
package/src/pipeline/idempotency.ts +76 -0
package/src/pipeline/index.ts +66 -0
package/src/pipeline/lifecycle-pipeline.ts +409 -0
package/src/pipeline/msp-rebuild.ts +242 -0
package/src/pipeline/multi-stream-apply-context.ts +115 -0
package/src/pipeline/projection-rebuild.ts +334 -0
package/src/pipeline/projection-state.ts +72 -0
package/src/pipeline/projections-runner.ts +56 -0
package/src/pipeline/redis-keys.ts +11 -0
package/src/pipeline/system-hooks.ts +190 -0
package/src/random/__tests__/generate.test.ts +149 -0
package/src/random/generate.ts +141 -0
package/src/random/index.ts +8 -0
package/src/random/words.ts +392 -0
package/src/rate-limit/__tests__/dispatcher-l3.integration.ts +111 -0
package/src/rate-limit/__tests__/middleware.integration.ts +189 -0
package/src/rate-limit/__tests__/resolver.integration.ts +189 -0
package/src/rate-limit/bucket.ts +36 -0
package/src/rate-limit/index.ts +14 -0
package/src/rate-limit/middleware.ts +152 -0
package/src/rate-limit/resolver.ts +267 -0
package/src/redis/__tests__/redis-options.test.ts +54 -0
package/src/redis/index.ts +74 -0
package/src/search/__tests__/meilisearch-adapter.integration.ts +236 -0
package/src/search/__tests__/search-adapter.test.ts +256 -0
package/src/search/in-memory-adapter.ts +123 -0
package/src/search/index.ts +12 -0
package/src/search/meilisearch-adapter.ts +106 -0
package/src/search/types.ts +39 -0
package/src/secrets/__tests__/dek-cache.test.ts +213 -0
package/src/secrets/__tests__/env-master-key-provider.test.ts +119 -0
package/src/secrets/__tests__/envelope.test.ts +74 -0
package/src/secrets/__tests__/leak-guard.test.ts +92 -0
package/src/secrets/__tests__/rotation.test.ts +149 -0
package/src/secrets/dek-cache.ts +116 -0
package/src/secrets/env-master-key-provider.ts +162 -0
package/src/secrets/envelope.ts +55 -0
package/src/secrets/index.ts +19 -0
package/src/secrets/leak-guard.ts +87 -0
package/src/secrets/rotation.ts +34 -0
package/src/secrets/types.ts +107 -0
package/src/stack/db.ts +104 -0
package/src/stack/event-collector.ts +23 -0
package/src/stack/index.ts +32 -0
package/src/stack/redis.ts +44 -0
package/src/stack/request-helper.ts +168 -0
package/src/stack/table-helpers.ts +104 -0
package/src/stack/test-stack.ts +357 -0
package/src/stack/test-users.ts +37 -0
package/src/testing/__tests__/e2e-generator.test.ts +230 -0
package/src/testing/__tests__/ensure-entity-table.integration.ts +54 -0
package/src/testing/access-assertions.ts +15 -0
package/src/testing/assertions.ts +35 -0
package/src/testing/e2e-generator.ts +465 -0
package/src/testing/expect-error.ts +25 -0
package/src/testing/handler-context.ts +125 -0
package/src/testing/http-cookies.ts +52 -0
package/src/testing/index.ts +41 -0
package/src/testing/late-bound.ts +39 -0
package/src/testing/mutable-master-key-provider.ts +31 -0
package/src/testing/observability-recorder.ts +54 -0
package/src/testing/shared-entities.ts +49 -0
package/src/testing/utils.ts +1 -0
package/src/testing/wait-for.ts +31 -0
package/src/time/__tests__/polyfill.test.ts +73 -0
package/src/time/__tests__/tz-context.test.ts +121 -0
package/src/time/index.ts +21 -0
package/src/time/polyfill.ts +70 -0
package/src/time/tz-context.ts +107 -0
package/src/ui-types/app-schema.ts +57 -0
package/src/ui-types/index.ts +65 -0
package/src/utils/__tests__/assert.test.ts +17 -0
package/src/utils/__tests__/env-parse.test.ts +54 -0
package/src/utils/assert.ts +18 -0
package/src/utils/env-parse.ts +16 -0
package/src/utils/ids.ts +16 -0
package/src/utils/index.ts +5 -0
package/src/utils/safe-json.ts +30 -0
package/src/utils/serialization.ts +7 -0

package/src/api/__tests__/auth-middleware-transport.test.ts ADDED Viewed

@@ -0,0 +1,80 @@
+// auth-middleware: cookie + bearer + reject-both. Pure-logic unit tests
+// against a hand-rolled Hono app — no DB, no dispatcher. Exercises the
+// transport-extraction path that drives the csrf-middleware downstream.
+import { Hono } from "hono";
+import { describe, expect, test } from "vitest";
+import { TestUsers } from "../../stack";
+import { AUTH_COOKIE_NAME, authMiddleware, getAuthTransport, getUser } from "../auth-middleware";
+import { createJwtHelper } from "../jwt";
+const JWT_SECRET = "auth-middleware-transport-test-secret-min-32-chars";
+async function buildApp(): Promise<{ app: Hono; token: string }> {
+  const jwt = createJwtHelper(JWT_SECRET);
+  const token = await jwt.sign(TestUsers.user);
+  const app = new Hono();
+  app.use("/api/*", authMiddleware(jwt));
+  app.get("/api/ping", (c) => {
+    const user = getUser(c);
+    const transport = getAuthTransport(c);
+    return c.json({ userId: user.id, transport });
+  });
+  return { app, token };
+}
+describe("auth-middleware transport selection", () => {
+  test("bearer header authenticates and sets transport=bearer", async () => {
+    const { app, token } = await buildApp();
+    const res = await app.request("/api/ping", {
+      headers: { Authorization: `Bearer ${token}` },
+    });
+    expect(res.status).toBe(200);
+    const body = (await res.json()) as { userId: string; transport: string };
+    expect(body.userId).toBe(TestUsers.user.id);
+    expect(body.transport).toBe("bearer");
+  });
+  test("auth cookie authenticates and sets transport=cookie", async () => {
+    const { app, token } = await buildApp();
+    const res = await app.request("/api/ping", {
+      headers: { Cookie: `${AUTH_COOKIE_NAME}=${token}` },
+    });
+    expect(res.status).toBe(200);
+    const body = (await res.json()) as { userId: string; transport: string };
+    expect(body.userId).toBe(TestUsers.user.id);
+    expect(body.transport).toBe("cookie");
+  });
+  test("both cookie AND bearer → 400 ambiguous_auth", async () => {
+    const { app, token } = await buildApp();
+    const res = await app.request("/api/ping", {
+      headers: {
+        Authorization: `Bearer ${token}`,
+        Cookie: `${AUTH_COOKIE_NAME}=${token}`,
+      },
+    });
+    expect(res.status).toBe(400);
+    const body = (await res.json()) as { error: { code: string; httpStatus: number } };
+    expect(body.error.code).toBe("ambiguous_auth");
+    expect(body.error.httpStatus).toBe(400);
+  });
+  test("neither cookie nor bearer → 401 missing_token", async () => {
+    const { app } = await buildApp();
+    const res = await app.request("/api/ping");
+    expect(res.status).toBe(401);
+    const body = (await res.json()) as { error: { code: string } };
+    expect(body.error.code).toBe("missing_token");
+  });
+  test("invalid cookie JWT → 401 invalid_token", async () => {
+    const { app } = await buildApp();
+    const res = await app.request("/api/ping", {
+      headers: { Cookie: `${AUTH_COOKIE_NAME}=not-a-real-jwt` },
+    });
+    expect(res.status).toBe(401);
+    const body = (await res.json()) as { error: { code: string } };
+    expect(body.error.code).toBe("invalid_token");
+  });
+});

package/src/api/__tests__/auth-routes-cookie.test.ts ADDED Viewed

@@ -0,0 +1,179 @@
+// auth-routes cookie behaviour — login sets cookies, logout clears them,
+// switch-tenant rotates them, cookieSameSite controls the SameSite flag.
+//
+// Uses a stub Dispatcher so the tests exercise ONLY the HTTP-layer cookie
+// logic — full-stack login via real loginHandler is covered by the
+// auth-cookie sample integration test.
+import type { Hono } from "hono";
+import { Hono as HonoCtor } from "hono";
+import { describe, expect, test } from "vitest";
+import type { SessionUser } from "../../engine/types";
+import type { BatchResult, Dispatcher, WriteResult } from "../../pipeline/dispatcher";
+import { TestUsers } from "../../stack";
+import { getSetCookieRaw, getSetCookies } from "../../testing/http-cookies";
+import { PUBLIC_API_PATHS } from "../api-constants";
+import { AUTH_COOKIE_NAME, authMiddleware, CSRF_COOKIE_NAME } from "../auth-middleware";
+import { type AuthRoutesConfig, createAuthRoutes } from "../auth-routes";
+import { createJwtHelper } from "../jwt";
+const JWT_SECRET = "auth-routes-cookie-test-secret-min-32-characters";
+function createStubDispatcher(overrides?: Partial<Dispatcher>): Dispatcher {
+  const base: Dispatcher = {
+    async write(): Promise<WriteResult> {
+      // Explicit `const: WriteResult` locks the `isSuccess: true` branch of
+      // the union without an `as`-cast (which widens + silences the
+      // compiler). Success shape has to satisfy `{ isSuccess: true; data }`.
+      const ok: WriteResult = {
+        isSuccess: true,
+        data: {
+          kind: "auth-session",
+          session: TestUsers.user,
+        },
+      };
+      return ok;
+    },
+    async query(): Promise<unknown> {
+      return [];
+    },
+    async command(): Promise<void> {},
+    async batch(): Promise<BatchResult> {
+      const ok: BatchResult = { isSuccess: true, results: [] };
+      return ok;
+    },
+    async resolveAuthClaims(): Promise<Record<string, unknown>> {
+      return {};
+    },
+  };
+  return { ...base, ...overrides };
+}
+async function buildApp(
+  overrides: Partial<AuthRoutesConfig> = {},
+  dispatcher: Dispatcher = createStubDispatcher(),
+): Promise<{ app: Hono; validToken: string }> {
+  const jwt = createJwtHelper(JWT_SECRET);
+  const validToken = await jwt.sign(TestUsers.user);
+  const config: AuthRoutesConfig = {
+    membershipQuery: "tenant:query:memberships",
+    loginHandler: "auth:write:login",
+    loginRateLimit: null, // don't need rate-limit interference in cookie tests
+    ...overrides,
+  };
+  const app = new HonoCtor();
+  const jwtGuard = authMiddleware(jwt);
+  app.use("/api/*", async (c, next) => {
+    if (PUBLIC_API_PATHS.has(c.req.path)) return next();
+    return jwtGuard(c, next);
+  });
+  app.route("/api", createAuthRoutes(dispatcher, jwt, config));
+  return { app, validToken };
+}
+describe("auth-routes cookie behaviour on /auth/login", () => {
+  test("login sets both kumiko_auth and kumiko_csrf cookies", async () => {
+    const { app } = await buildApp();
+    const res = await app.request("/api/auth/login", {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify({ email: "a@b.c", password: "pw" }),
+    });
+    expect(res.status).toBe(200);
+    const cookies = getSetCookies(res);
+    expect(cookies.get(AUTH_COOKIE_NAME)).toBeDefined();
+    expect(cookies.get(CSRF_COOKIE_NAME)).toBeDefined();
+  });
+  test("cookieSameSite defaults to Lax", async () => {
+    const { app } = await buildApp();
+    const res = await app.request("/api/auth/login", {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify({ email: "a@b.c", password: "pw" }),
+    });
+    expect(getSetCookieRaw(res, AUTH_COOKIE_NAME)).toMatch(/SameSite=Lax/i);
+  });
+  test("cookieSameSite: strict → SameSite=Strict flag", async () => {
+    const { app } = await buildApp({ cookieSameSite: "strict" });
+    const res = await app.request("/api/auth/login", {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify({ email: "a@b.c", password: "pw" }),
+    });
+    expect(getSetCookieRaw(res, AUTH_COOKIE_NAME)).toMatch(/SameSite=Strict/i);
+  });
+  test("auth cookie is HttpOnly, csrf cookie is not", async () => {
+    const { app } = await buildApp();
+    const res = await app.request("/api/auth/login", {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify({ email: "a@b.c", password: "pw" }),
+    });
+    expect(getSetCookieRaw(res, AUTH_COOKIE_NAME)).toMatch(/HttpOnly/i);
+    expect(getSetCookieRaw(res, CSRF_COOKIE_NAME)).not.toMatch(/HttpOnly/i);
+  });
+  test("login still returns token in body (for native bearer clients)", async () => {
+    const { app } = await buildApp();
+    const res = await app.request("/api/auth/login", {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify({ email: "a@b.c", password: "pw" }),
+    });
+    const body = (await res.json()) as { isSuccess: boolean; token: string };
+    expect(body.isSuccess).toBe(true);
+    expect(typeof body.token).toBe("string");
+    expect(body.token.length).toBeGreaterThan(20);
+  });
+});
+describe("auth-routes cookie behaviour on /auth/logout", () => {
+  test("logout clears both cookies via Max-Age=0", async () => {
+    const { app, validToken } = await buildApp();
+    const res = await app.request("/api/auth/logout", {
+      method: "POST",
+      headers: { Authorization: `Bearer ${validToken}` },
+    });
+    expect(res.status).toBe(200);
+    expect(getSetCookieRaw(res, AUTH_COOKIE_NAME)).toMatch(/Max-Age=0/i);
+    expect(getSetCookieRaw(res, CSRF_COOKIE_NAME)).toMatch(/Max-Age=0/i);
+  });
+});
+describe("auth-routes cookie behaviour on /auth/switch-tenant", () => {
+  test("switch-tenant rotates both cookies", async () => {
+    const otherTenant = TestUsers.otherTenant;
+    const dispatcher = createStubDispatcher({
+      async query(type: string, _payload: unknown, _user: SessionUser): Promise<unknown> {
+        if (type === "tenant:query:memberships") {
+          return [
+            {
+              userId: TestUsers.user.id,
+              tenantId: otherTenant.tenantId,
+              roles: otherTenant.roles,
+            },
+          ];
+        }
+        return [];
+      },
+    });
+    const { app, validToken } = await buildApp({}, dispatcher);
+    const res = await app.request("/api/auth/switch-tenant", {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json",
+        Authorization: `Bearer ${validToken}`,
+      },
+      body: JSON.stringify({ tenantId: otherTenant.tenantId }),
+    });
+    expect(res.status).toBe(200);
+    const cookies = getSetCookies(res);
+    const newAuth = cookies.get(AUTH_COOKIE_NAME);
+    expect(newAuth).toBeDefined();
+    expect(cookies.get(CSRF_COOKIE_NAME)).toBeDefined();
+    expect(newAuth?.value).not.toBe(validToken); // new jwt
+  });
+});

package/src/api/__tests__/batch.integration.ts ADDED Viewed

@@ -0,0 +1,404 @@
+import { afterAll, beforeAll, beforeEach, describe, expect, test } from "vitest";
+import { z } from "zod";
+import { createEventStoreExecutor } from "../../db/event-store-executor";
+import { buildDrizzleTable } from "../../db/table-builder";
+import {
+  createEntity,
+  createNumberField,
+  createTextField,
+  defineFeature,
+  type EntityId,
+  HookPhases,
+  type SaveContext,
+} from "../../engine";
+import { UnprocessableError, writeFailure } from "../../errors";
+import { createEntityTable, setupTestStack, type TestStack, TestUsers } from "../../stack";
+// Entity: a simple "item" with name + counter
+const itemEntity = createEntity({
+  table: "batch_items",
+  fields: {
+    name: createTextField({ required: true }),
+    counter: createNumberField({ default: 0 }),
+  },
+});
+const itemTable = buildDrizzleTable("item", itemEntity);
+// Second entity used by an inTransaction hook to prove that hook DB writes
+// roll back with the main transaction.
+const auditEntity = createEntity({
+  table: "batch_audit",
+  fields: {
+    action: createTextField({ required: true }),
+    itemId: createTextField({ required: true }),
+  },
+});
+const auditTable = buildDrizzleTable("audit", auditEntity);
+// Hook invocation logs — reset per test. Captures which phase each hook saw.
+const inTxHookLog: Array<{ id: EntityId; name: string }> = [];
+const afterCommitHookLog: Array<{ id: EntityId; name: string }> = [];
+// Toggles for afterCommit fault-injection test
+let afterCommitShouldThrow = false;
+const afterCommitThirdHookRan: string[] = [];
+const itemFeature = defineFeature("batch", (r) => {
+  const item = r.entity("item", itemEntity);
+  r.writeHandler(
+    "item:create",
+    z.object({ name: z.string().min(1), counter: z.number().optional() }),
+    async (event, ctx) => {
+      const crud = createEventStoreExecutor(itemTable, itemEntity, { entityName: "item" });
+      return crud.create(event.payload, event.user, ctx.db);
+    },
+    { access: { roles: ["Admin"] } },
+  );
+  // Handler that always fails validation — used to trigger rollback mid-batch
+  r.writeHandler(
+    "item:fail",
+    z.object({ name: z.string().min(1) }),
+    async () => writeFailure(new UnprocessableError("intentional_failure")),
+    { access: { roles: ["Admin"] } },
+  );
+  // Handler that always throws — used to verify unexpected throws surface as failures
+  r.writeHandler(
+    "item:throw",
+    z.object({ name: z.string().min(1) }),
+    async () => {
+      throw new Error("handler_crashed");
+    },
+    { access: { roles: ["Admin"] } },
+  );
+  // Entity hook: inTransaction — records in memory
+  r.entityHook(
+    "postSave",
+    item,
+    async (result: SaveContext) => {
+      inTxHookLog.push({ id: result.id, name: (result.data["name"] as string) ?? "" });
+    },
+    { phase: HookPhases.inTransaction },
+  );
+  // Entity hook: inTransaction — writes to DB via ctx.db (the tx-scoped TenantDb).
+  // Proves that hook DB writes roll back with the main transaction on failure.
+  r.entityHook(
+    "postSave",
+    item,
+    async (result, ctx) => {
+      if (!ctx.db) return;
+      await ctx.db
+        .insert(auditTable)
+        .values({ action: "item_saved", itemId: result.id })
+        .returning();
+    },
+    { phase: HookPhases.inTransaction },
+  );
+  // Entity hook: afterCommit — records in memory (default phase)
+  r.entityHook("postSave", item, async (result: SaveContext) => {
+    afterCommitHookLog.push({ id: result.id, name: (result.data["name"] as string) ?? "" });
+  });
+  // Entity hook: afterCommit — may throw, used to verify error isolation
+  r.entityHook("postSave", item, async () => {
+    if (afterCommitShouldThrow) throw new Error("afterCommit_boom");
+  });
+  // Entity hook: afterCommit — runs AFTER the throwing one. Used to prove the
+  // next hooks still fire despite the earlier failure.
+  r.entityHook("postSave", item, async (result: SaveContext) => {
+    afterCommitThirdHookRan.push((result.data["name"] as string) ?? "");
+  });
+  // Two hooks used by the parallelism test. Each records its start+end
+  // timestamps so the assertion can compare intervals rather than elapsed
+  // wall-clock time (which is timing-flaky on loaded CI boxes).
+  r.entityHook("postSave", item, async (result: SaveContext) => {
+    const name = result.data["name"] as string;
+    if (!name?.startsWith("slowness-")) return;
+    parallelismWindows.push({ hook: "A", start: Date.now() });
+    await new Promise((r) => setTimeout(r, 80));
+    parallelismWindows.push({ hook: "A", end: Date.now() });
+  });
+  r.entityHook("postSave", item, async (result: SaveContext) => {
+    const name = result.data["name"] as string;
+    if (!name?.startsWith("slowness-")) return;
+    parallelismWindows.push({ hook: "B", start: Date.now() });
+    await new Promise((r) => setTimeout(r, 80));
+    parallelismWindows.push({ hook: "B", end: Date.now() });
+  });
+});
+// Start + end timestamps recorded by the parallelism hooks above. A pair of
+// hooks that ran truly in parallel will show B.start < A.end (and vice-versa),
+// regardless of how long the whole request took overall.
+//
+// Module-level mutable state — safe here because Vitest runs tests inside a
+// single file sequentially (the default). If someone flips vitest's
+// `sequence.concurrent` on for this file, the test body would need its own
+// window collector passed through ctx instead.
+type ParallelismEvent = { hook: "A" | "B"; start?: number; end?: number };
+const parallelismWindows: ParallelismEvent[] = [];
+let stack: TestStack;
+const admin = TestUsers.admin;
+beforeAll(async () => {
+  stack = await setupTestStack({ features: [itemFeature] });
+  await createEntityTable(stack.db, itemEntity);
+  await createEntityTable(stack.db, auditEntity);
+});
+afterAll(async () => {
+  await stack.cleanup();
+});
+beforeEach(async () => {
+  inTxHookLog.length = 0;
+  afterCommitHookLog.length = 0;
+  afterCommitThirdHookRan.length = 0;
+  afterCommitShouldThrow = false;
+  parallelismWindows.length = 0;
+  stack.events.reset();
+  await stack.db.delete(itemTable);
+  await stack.db.delete(auditTable);
+});
+describe("POST /api/batch", () => {
+  test("empty commands array returns success with empty results", async () => {
+    const res = await stack.http.batch([], admin);
+    expect(res.status).toBe(200);
+    const body = await res.json();
+    expect(body.isSuccess).toBe(true);
+    expect(body.results).toEqual([]);
+  });
+  test("rejects non-array commands with 400", async () => {
+    const res = await stack.http.raw(
+      "POST",
+      "/api/batch",
+      // biome-ignore lint/suspicious/noExplicitAny: intentional bad body
+      { commands: "not-an-array" as any },
+      { Authorization: `Bearer ${await stack.jwt.sign(admin)}` },
+    );
+    expect(res.status).toBe(400);
+  });
+  test("all-succeed: writes persist, both phases fire per command", async () => {
+    const res = await stack.http.batch(
+      [
+        { type: "batch:write:item:create", payload: { name: "alpha" } },
+        { type: "batch:write:item:create", payload: { name: "beta" } },
+        { type: "batch:write:item:create", payload: { name: "gamma" } },
+      ],
+      admin,
+    );
+    const body = await res.json();
+    expect(res.status).toBe(200);
+    expect(body.isSuccess).toBe(true);
+    expect(body.results).toHaveLength(3);
+    for (const r of body.results) expect(r.isSuccess).toBe(true);
+    // Both phases fired once per command, same ids, same order
+    expect(inTxHookLog).toHaveLength(3);
+    expect(afterCommitHookLog).toHaveLength(3);
+    expect(inTxHookLog.map((h) => h.name)).toEqual(["alpha", "beta", "gamma"]);
+    expect(afterCommitHookLog.map((h) => h.name)).toEqual(["alpha", "beta", "gamma"]);
+    // Rows actually persisted
+    const rows = await stack.db.select().from(itemTable);
+    expect(rows).toHaveLength(3);
+  });
+  test("mid-batch failure: all writes roll back, afterCommit hooks do NOT fire", async () => {
+    // Seed with one existing item so we can verify the batch didn't persist anything
+    await stack.db
+      .insert(itemTable)
+      .values({ name: "seed", counter: 0, tenantId: "00000000-0000-4000-8000-000000000001" });
+    const seedCount = (await stack.db.select().from(itemTable)).length;
+    const res = await stack.http.batch(
+      [
+        { type: "batch:write:item:create", payload: { name: "will-rollback-1" } },
+        { type: "batch:write:item:fail", payload: { name: "fails" } },
+        { type: "batch:write:item:create", payload: { name: "never-runs" } },
+      ],
+      admin,
+    );
+    const body = await res.json();
+    // UnprocessableError → 422 (business-rule violation), which is the
+    // "expected failure" HTTP status. The batch envelope keeps `failedIndex`
+    // + `results` alongside the error payload so callers know which command
+    // tripped the rollback.
+    expect(res.status).toBe(422);
+    expect(body.isSuccess).toBe(false);
+    expect(body.failedIndex).toBe(1);
+    expect(body.error.code).toBe("unprocessable");
+    expect(body.error.details.reason).toBe("intentional_failure");
+    // inTransaction hook fired for the first successful command (then rolled back
+    // — but the hook log is in-memory, it persists)
+    expect(inTxHookLog.map((h) => h.name)).toEqual(["will-rollback-1"]);
+    // afterCommit hook must NOT have fired (transaction rolled back)
+    expect(afterCommitHookLog).toEqual([]);
+    // DB: only the seed row remains, the batch's first successful write rolled back
+    const rows = await stack.db.select().from(itemTable);
+    expect(rows).toHaveLength(seedCount);
+    expect((rows[0] as { name: string }).name).toBe("seed");
+  });
+  test("inTransaction hook DB writes roll back with the batch", async () => {
+    // Successful batch: audit rows should be written
+    const okRes = await stack.http.batch(
+      [{ type: "batch:write:item:create", payload: { name: "alpha" } }],
+      admin,
+    );
+    expect((await okRes.json()).isSuccess).toBe(true);
+    const auditAfterOk = await stack.db.select().from(auditTable);
+    expect(auditAfterOk).toHaveLength(1);
+    expect((auditAfterOk[0] as { action: string }).action).toBe("item_saved");
+    // Reset — new batch fails mid-way. Both entity rows AND audit rows must roll back.
+    await stack.db.delete(itemTable);
+    await stack.db.delete(auditTable);
+    const failRes = await stack.http.batch(
+      [
+        { type: "batch:write:item:create", payload: { name: "beta" } },
+        { type: "batch:write:item:fail", payload: { name: "stop" } },
+      ],
+      admin,
+    );
+    expect((await failRes.json()).isSuccess).toBe(false);
+    // Both tables are empty — the inTransaction audit hook's write rolled back
+    // together with the item row.
+    const itemsAfterFail = await stack.db.select().from(itemTable);
+    const auditAfterFail = await stack.db.select().from(auditTable);
+    expect(itemsAfterFail).toHaveLength(0);
+    expect(auditAfterFail).toHaveLength(0);
+  });
+  test("afterCommit hooks run in parallel (B starts before A finishes)", async () => {
+    const res = await stack.http.batch(
+      [{ type: "batch:write:item:create", payload: { name: "slowness-parallel" } }],
+      admin,
+    );
+    expect(res.status).toBe(200);
+    // Extract each hook's interval independently — checks overlap of
+    // intervals, not total elapsed time. Robust against CI noise.
+    const aStart = parallelismWindows.find((e) => e.hook === "A" && e.start !== undefined)?.start;
+    const aEnd = parallelismWindows.find((e) => e.hook === "A" && e.end !== undefined)?.end;
+    const bStart = parallelismWindows.find((e) => e.hook === "B" && e.start !== undefined)?.start;
+    const bEnd = parallelismWindows.find((e) => e.hook === "B" && e.end !== undefined)?.end;
+    expect(aStart).toBeDefined();
+    expect(aEnd).toBeDefined();
+    expect(bStart).toBeDefined();
+    expect(bEnd).toBeDefined();
+    // Parallel iff the two intervals overlap: one starts before the other
+    // ends. Sequential execution would produce disjoint intervals.
+    const overlap = (aStart as number) < (bEnd as number) && (bStart as number) < (aEnd as number);
+    expect(overlap).toBe(true);
+  });
+  test("afterCommit hook error is isolated: batch succeeds, other hooks still fire", async () => {
+    afterCommitShouldThrow = true;
+    const res = await stack.http.batch(
+      [{ type: "batch:write:item:create", payload: { name: "omega" } }],
+      admin,
+    );
+    // Batch is reported successful despite the afterCommit hook throwing
+    const body = await res.json();
+    expect(res.status).toBe(200);
+    expect(body.isSuccess).toBe(true);
+    // DB row persisted (tx committed)
+    const rows = await stack.db.select().from(itemTable);
+    expect(rows).toHaveLength(1);
+    // The hook AFTER the throwing one still ran — errors don't cascade
+    expect(afterCommitThirdHookRan).toEqual(["omega"]);
+  });
+  test("idempotency: repeated batch with same requestId returns cached result, no re-exec", async () => {
+    const requestId = "batch-rid-123";
+    const commands = [{ type: "batch:write:item:create", payload: { name: "once" } }];
+    const first = await stack.http.batch(commands, admin, requestId);
+    const firstBody = await first.json();
+    expect(firstBody.isSuccess).toBe(true);
+    expect(firstBody.results).toHaveLength(1);
+    const rowsAfterFirst = await stack.db.select().from(itemTable);
+    expect(rowsAfterFirst).toHaveLength(1);
+    // Hook logs reflect one execution
+    expect(inTxHookLog).toHaveLength(1);
+    expect(afterCommitHookLog).toHaveLength(1);
+    // Retry with the same requestId — same response, but commands did NOT run again
+    const second = await stack.http.batch(commands, admin, requestId);
+    const secondBody = await second.json();
+    expect(secondBody.isSuccess).toBe(true);
+    expect(secondBody.results).toEqual(firstBody.results);
+    // DB still has only one row (no double-insert)
+    const rowsAfterSecond = await stack.db.select().from(itemTable);
+    expect(rowsAfterSecond).toHaveLength(1);
+    // Hooks didn't fire a second time
+    expect(inTxHookLog).toHaveLength(1);
+    expect(afterCommitHookLog).toHaveLength(1);
+  });
+});
+describe("POST /api/write (single write runs in its own transaction)", () => {
+  test("inTransaction hook DB write persists with the entity write", async () => {
+    const res = await stack.http.write("batch:write:item:create", { name: "single" }, admin);
+    const body = await res.json();
+    expect(body.isSuccess).toBe(true);
+    // Both the item row AND the audit row exist — proves the single write
+    // went through a transaction and the inTx hook shared it.
+    const items = await stack.db.select().from(itemTable);
+    const audits = await stack.db.select().from(auditTable);
+    expect(items).toHaveLength(1);
+    expect(audits).toHaveLength(1);
+  });
+  test("handler throw rolls back inTransaction hook writes too", async () => {
+    // First a successful write so there's something to compare against
+    await stack.http.write("batch:write:item:create", { name: "survivor" }, admin);
+    const beforeItems = await stack.db.select().from(itemTable);
+    const beforeAudits = await stack.db.select().from(auditTable);
+    expect(beforeItems).toHaveLength(1);
+    expect(beforeAudits).toHaveLength(1);
+    // Now a write whose handler throws — nothing new should be committed
+    const res = await stack.http.write("batch:write:item:throw", { name: "crash" }, admin);
+    const body = await res.json();
+    expect(body.isSuccess).toBe(false);
+    const afterItems = await stack.db.select().from(itemTable);
+    const afterAudits = await stack.db.select().from(auditTable);
+    // Counts unchanged — no partial commit
+    expect(afterItems).toHaveLength(beforeItems.length);
+    expect(afterAudits).toHaveLength(beforeAudits.length);
+  });
+});